CNNVD-202506-3024 Information

Jun 24, 2025 cve

CNNVD ID

CNNVD-202506-3024

CVE-2025-34041

CNNVD Published: 2025-06-24

Description (Chinese)

Sangfor Endpoint Detection and Response是中国深信服（Sangfor）公司的一款下一代终端安全解决方案。 Sangfor Endpoint Detection and Response 3.2.16版本、3.2.17版本和3.2.19版本存在安全漏洞，该漏洞源于EDR Manager接口存在缺陷导致OS命令注入攻击。

Description (English)

The Sangfor Endpoint Detion and Reponse are China’s faith in a one-generation end-of-life solution for Sangfor. There is a security loophole in the Sangfor Endpoint Defense and Response, Version 3.2.16, Version 3.2.17 and Version 3.2.19, which stems from defects in the EDR Manager interface that led to the OS command injection attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Sankhya

Published

2025-06-24

Last Modified

2026-02-24

References

https://www.sangfor.com/blog/cybersecurity/sangfor-endpoint-secure-remote-command-execution-vulnerability https://www.cnvd.org.cn/flaw/show/CNVD-2020-46552 https://vulncheck.com/advisories/sangfor-edr-command-injection https://access.redhat.com/security/cve/cve-2025-34041

Patch

https://www.sangfor.com/blog/cybersecurity/sangfor-endpoint-secure-remote-command-execution-vulnerability

Share on: